The new application is freely available to the security community through IBM Security App Exchange, a marketplace where developers across the industry can share applications based on IBM Security technologies. As threats are evolving faster than ever, collaborative development amongst the security community will help organizations adapt quickly and speed innovation in the fight against cybercrime.

An actor-centric security posture, focused on domain names, not just IP addresses

Attribution to reveal targets & motives

Internally sourced threat intelligence

Centralized logging with event decoration

A focus on more durable TTPs

"Effective SOC managers understand that letting their team go 'looking for trouble' can uncover advanced threats. But teams need guidance to perform threat hunting efficiently, and they need a good starting point," says Mark Kendrick, Director of Product Integrations at DomainTools. "The DomainTools App for QRadar can give them that – simply by examining lists of unusual domain registration patterns, a SOC manager can dispatch a team member to dig into the events behind these anomalies."

Advanced threats are organized groups of real people, so mature security teams take an actor-centric approach. They care less about IP addresses and more about names and email addresses. Since advanced groups try to avoid re-using malware and infrastructure, traditional blacklists are not as effective. Instead, teams source their own threat intelligence by aggregating logs across their organization, especially web proxy and DNS logs. This is critical because these actors are hard to detect and have long dwell times in victim networks. Finally, since IOCs (Indicators of Compromise) shift quite rapidly, making them difficult and expensive to correlate with published threat intelligence, top organizations focus instead on the actor's tactics, techniques, and procedures, or TTPs, which change less frequently and, with the right data, can be detected more precisely.

About DomainTools

DomainTools helps security analysts turn threat data into threat intelligence. We take indicators from your network, including domains and IPs, and connect them with nearly every active domain on the Internet. Those connections inform risk assessments, help profile attackers, guide online fraud investigations, and map cyber activity to attacker infrastructure. Fortune 1000 companies, global government agencies, and leading security solution vendors use the DomainTools platform as a critical ingredient in their threat investigation and mitigation work. Learn more about how to connect the dots on malicious activity at http://www.domaintools.com or follow us on Twitter: @domaintools.